If the user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of security?

A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest.

If the user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of security?
A. The user should not use his own security key as it is not secure
B. Configure S3 to rotate the user’s encryption key at regular intervals
C. Configure S3 to store the user’s keys securely with SSL
D. Keep rotating the encryption key manually at the client side

Answer: D

Explanation:

Amazon S3 supports client-side or server-side encryption to encrypt data at rest. With server-side encryption, either S3 supplies the AES-256 encryption key, or the user sends his own encryption key along with each API call (SSE-C). Since S3 does not store the encryption keys in SSE-C, it is recommended that the user manage the keys securely and keep rotating them regularly at the client side.
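What client-side rotation looks like at the request level, as an added example that is not part of the original question: it builds the headers for an S3 CopyObject request that copies an object onto itself, decrypting with the old SSE-C key and re-encrypting with the new one. The bucket name, object key, and function names are assumptions made for illustration; the header names are the standard SSE-C request headers.

```python
import base64
import hashlib
import os
from urllib.parse import quote

ALGORITHM = "AES256"  # the only algorithm SSE-C accepts


def _encode(key: bytes) -> tuple[str, str]:
    """Return (base64 key, base64 MD5 of key) in the form S3 expects."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    # S3 uses the MD5 digest only to detect a key corrupted in transit.
    digest = hashlib.md5(key).digest()
    return base64.b64encode(key).decode(), base64.b64encode(digest).decode()


def ssec_headers(key: bytes, prefix: str = "x-amz-") -> dict[str, str]:
    """SSE-C headers for one key; the key travels with every request."""
    key_b64, md5_b64 = _encode(key)
    base = prefix + "server-side-encryption-customer-"
    return {
        base + "algorithm": ALGORITHM,
        base + "key": key_b64,
        base + "key-MD5": md5_b64,
    }


def rotation_copy_headers(bucket: str, object_key: str,
                          old_key: bytes, new_key: bytes) -> dict[str, str]:
    """Headers for CopyObject onto the same key: old key reads, new key writes."""
    if old_key == new_key:
        raise ValueError("rotation needs a new key")
    headers = {"x-amz-copy-source": "/" + bucket + "/" + quote(object_key, safe="/")}
    headers.update(ssec_headers(old_key, prefix="x-amz-copy-source-"))
    headers.update(ssec_headers(new_key))
    return headers


if __name__ == "__main__":
    # Constructed sample values; real keys come from the client's key store.
    old, new = os.urandom(32), os.urandom(32)
    hdrs = rotation_copy_headers("example-bucket", "reports/2024 q1.csv", old, new)
    for name in sorted(hdrs):
        # Print header names only: key material must never reach logs.
        print(name)
```

On a versioning-enabled bucket, as in this question, the copy creates a new object version under the new key while earlier versions stay encrypted with the old key, so the client must keep the old key until those versions are deleted. S3 rejects SSE-C requests that are not sent over HTTPS.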
